show whether a customer is deavtivated after successful login rather then nothing at all

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

index.php

@@ -119,6 +119,13 @@ if ($action == 'login') {
 			redirectTo('index.php', array('showmessage' => '3'));
 			exit;
 		} elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
+		    // only show "you're banned" if the login was successfull
+		    // because we don't want to publish that the user does exist
+		    if ($userinfo['deactivated']) {
+		        unset($userinfo);
+		        redirectTo('index.php', array('showmessage' => '5'));
+		        exit;
+		    } else {
 		        // login correct
 		        // reset loginfail_counter, set lastlogin_succ
 		        $stmt = Database::prepare("UPDATE $table
@@ -128,6 +135,7 @@ if ($action == 'login') {
 		        Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
 		        $userinfo['userid'] = $userinfo[$uid];
 		        $userinfo['adminsession'] = $adminsession;
+		    }
 		} else {
 			// login incorrect
 			$stmt = Database::prepare("UPDATE $table
@@ -269,6 +277,9 @@ if ($action == 'login') {
 		case 7:
 			$message = $lng['pwdreminder']['wrongcode'];
 			break;
+		case 8:
+		    $message = $lng['pwdreminder']['notallowed'];
+		    break;
 		}
 
 		$update_in_progress = '';
@@ -326,8 +337,8 @@ if ($action == 'forgotpwd') {
 
 			/* Check whether user is banned */
 			if ($user['deactivated']) {
-				$message = $lng['pwdreminder']['notallowed'];
-				redirectTo('index.php', array('showmessage' => '5'));
+				redirectTo('index.php', array('showmessage' => '8'));
+				exit;
 			}
 
 			if (($adminchecked && Settings::Get('panel.allow_preset_admin') == '1') || $adminchecked == false) {